OWASP Top 10 use case videos
Each video begins with an OWASP Top 10 user scenario explaining the type of attack or security challenge being addressed, and then shows how to configure FortiWeb features in the UI or CLI, with real-time walkthroughs.
-
FortiWeb: Broken Access Control - Preventing unauthorized users accessing admin path
Security risks involved: Session cookie manipulation, direct URL access (force browsing), and unauthorized actions when accessing an application.
FortiWeb's features: URL Access, User Tracking, Custom Policy, and Cookie Security.
Documents: Preventing unauthorized users accessing admin path
-
FortiWeb: Broken Access Control - Mitigating JWT manipulation and privilege escalation
Security risks involved: JWT Interception, Token Manipulation.
FortiWeb's features: API Gateway.
Documents: Mitigating JWT manipulation and elevation of privileges
-
FortiWeb: Implementing CORS for secure cross-domain API requests
Security risks involved: Insecure Cross-Origin Resource Sharing (CORS) configuration.
FortiWeb's features: CORS Protection.
Documents: Implementing CORS for secure cross-domain API requests
-
FortiWeb: Implementing HTTPS to protect sensitive data in transmission
Security risks involved: Failure to encrypt sensitive data transmitted over networks.
FortiWeb's features: SSL Proxy, Server Certificate.
Documents: Implementing HTTPS to protect sensitive data in transmission
-
FortiWeb: Validating Client Certificates with mTLS Support
Security risks involved: Failing to validate SSL/TLS certificates properly, allowing man-in-the-middle attacks.
FortiWeb's features: SSL Proxy, Client Certificate.
Documents: Validating the client's certificate to secure sensitive transactions
-
FortiWeb: Preventing the use of weak cryptographic algorithms
Security risks involved: Implementing cryptographic algorithms that are known to be vulnerable.
FortiWeb's features: SSL cipher groups.
Documents: Preventing the use of weak cryptographic algorithms
-
FortiWeb: Implementing DLP to protect PII
Security risks involved: Improper exposure of PII, leading to identity theft, financial fraud, and significant privacy breaches.
FortiWeb's features: Data Loss Prevention.
Documents: Implementing Data Loss Prevention (DLP) to prevent personally identifiable information exposure
-
FortiWeb: Protecting against Man in the Browser (MitB) Attacks
Security risks involved: Transmitting sensitive user input, such as passwords and credit card numbers, without encryption.
FortiWeb's features: Man in the Browser Protection.
Documents: Applying an extra layer of encryption on sensitive user inputs
-
FortiWeb: Preventing Padding Oracle Attacks
Security risks involved: Block cipher encryption modes such as CBC may be exploited through padding oracle attacks, leading to hijacked session IDs or cookies.
FortiWeb's features: Padding Oracle Protection.
Documents: Preventing Padding Oracle Attacks
-
FortiWeb: Mitigating Injection attacks - A focused case study on Reflected XSS
Security risks involved: Reflected XSS Injection.
FortiWeb's features: Signatures, SQL/XSS Syntax Based Detection, Machine Learning based Anomaly Detection.
Documents: Mitigating Injection attacks: A focused case study on Reflected XSS
-
FortiWeb: Validating uploaded files to prevent potential injections
Security risks involved: Remote File Inclusion (RFI), Local File Inclusion (LFI), Malware Distribution.
FortiWeb's features: File Security, FortiSandbox, Web Shell detection.
Documents: Validating uploaded files to prevent potential injections
-
FortiWeb: Implementing HTTP security headers to prevent potential injections
Security risks involved: Clickjacking, MIME content-sniffing, Cross-Site Scripting (XSS).
FortiWeb's features: HTTP Header Security.
Documents: Implementing HTTP security headers to prevent potential injections
-
FortiWeb: Validating HTTP headers to prevent potential injections
Security risks involved: Host Header Injection, HTTP Response Splitting.
FortiWeb's features: HTTP Protocol Constraints.
Documents: Validating HTTP headers to prevent potential injections
-
FortiWeb: Validating user input to prevent potential injections
Security risks involved: User input manipulation.
FortiWeb's features: Input Validation, Signature based SQL/XSS Injection Detection, SQL/XSS Syntax-based Detection, Machine Learning based Anomaly Detection.
Documents: Validating user input to prevent potential injections